Threat Intelligence · Global monitoring

Hujumlar Bazasi

APT kampaniyalari, ransomware hujumlari va global kibertahdidlar ma'lumotlar bazasi

Jami hujumlar

0

Kritik

0

APT guruhlar

0

Davlatlar

0

// LIVE THREAT FEED

Hammasi 💀 Ransomware 🌊 DDoS 🔗 Ta'minot zanjiri 🕵️ APT 🗃️ Ma'lumot sizintisi 🎣 Fishing ⚡ Zero-day 📌 Boshqa

Kritik Yuqori O'rtacha Past

Leviathan Australian Intrusions

⚡ Zero-dayPast

Leviathan Australian Intrusions consisted of at least two long-term intrusions against victims in Australia by Leviathan, relying on similar tradecraft such as external service exploitation followed by extensive credential capture and re-use to enable privilege escalation and lateral movement. Leviathan Australian Intrusions were focused on exfiltrating sensitive data including valid credentials for the victim organizations.

👤Leviathan Australian Intrusions🎯Umumiy3-fev, 2025

ShadowRay

⚡ Zero-dayPast

ShadowRay was a campaign that began in late 2023 targeting the education, cryptocurrency, biopharma, and other sectors through a vulnerability (CVE-2023-48022) in the Ray AI framework named ShadowRay. According to security researchers ShadowRay was the first known instance of AI workloads being activley exploited in the wild through vulnerabilities in AI infrastructure. CVE-2023-48022, which allows access to compute resources and sensitive data for exposed instances, remains unpatched and has been disputed by the vendor as they maintain that Ray is not intended for use outside of a strictly controlled network environment.

👤ShadowRay🎯Umumiy2-dek, 2024

FrostyGoop Incident

⚡ Zero-dayPast

FrostyGoop Incident took place in January 2024 against a municipal district heating company in Ukraine. Following initial access via likely exploitation of external facing services, FrostyGoop was used to manipulate ENCO control systems via legitimate Modbus commands to impact the delivery of heating services to Ukrainian civilians.

👤FrostyGoop Incident🎯Umumiy20-noy, 2024

Versa Director Zero Day Exploitation

⚡ Zero-dayPast

Versa Director Zero Day Exploitation was conducted by Volt Typhoon from early June through August 2024 as zero-day exploitation of Versa Director servers controlling software-defined wide area network (SD-WAN) applications. Since tracked as CVE-2024-39717, exploitation focused on credential capture from compromised Versa Director servers at managed service providers (MSPs) and internet service providers (ISPs) to enable follow-on access to service provider clients. Versa Director Zero Day Exploitation was followed by the delivery of the VersaMem web shell for both credential theft and follow-on code execution.

👤Versa Director Zero Day Exploitation🎯Umumiy27-avg, 2024

C0017

⚡ Zero-dayPast

C0017 was an APT41 campaign conducted between May 2021 and February 2022 that successfully compromised at least six U.S. state government networks through the exploitation of vulnerable Internet facing web applications. During C0017, APT41 was quick to adapt and use publicly-disclosed as well as zero-day vulnerabilities for initial access, and in at least two cases re-compromised victims following remediation efforts. The goals of C0017 are unknown, however APT41 was observed exfiltrating Personal Identifiable Information (PII).

👤C0017🎯Umumiy1-dek, 2022